Configuring source IP-based SNMP login control – H3C Technologies H3C SecPath F1000-E User Manual


Configuring source IP-based SNMP login control

You can log in to the NMS to remotely manage the devices. SNMP is used for communication between the NMS and the agent that resides in the device. By using an ACL, you can control SNMP user access to the device.

Before configuration, determine the permitted or denied source IP addresses.

Configuring source IP-based SNMP login control

Basic ACLs match the source IP addresses of packets, so you can use basic ACLs to implement source IP-based login control over NMS users. Basic ACLs are numbered from 2000 to 2999. For more information about ACLs, see Access Control Configuration Guide.

To configure source IP-based SNMP login control:

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Create a basic ACL and enter its view, or enter the view of an existing basic ACL.
   Command: acl [ ipv6 ] number acl-number [ name acl-name ] [ match-order { config | auto } ]
   Remarks: By default, no basic ACL exists.

3. Create rules for this ACL.
   Command: rule [ rule-id ] { permit | deny } [ source { sour-addr sour-wildcard | any } | time-range time-name | fragment | logging ]*
   Remarks: N/A

4. Exit the basic ACL view.
   Command: quit
   Remarks: N/A

5. Associate this SNMP community with the ACL.
   Command: snmp-agent community { read | write } community-name [ acl acl-number | mib-view view-name ]*
   Remarks: You can associate the ACL when creating the community, the SNMP group, and the user. For more information about SNMP, see System Management and Maintenance Configuration Guide.

6. Associate the SNMP group with the ACL.
   Command:
     snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]
     snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]

7. Associate the user with the ACL.
   Command:
     snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ]
     snmp-agent usm-user v3 user-name group-name [ [ cipher ] authentication-mode { md5 | sha } auth-password [ privacy-mode { 3des | aes128 | des56 } priv-password ] ] [ acl acl-number ]
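The following check is an added example, not part of the H3C manual: it reads saved configuration text and reports snmp-agent community, group and usm-user entries that have no ACL, reference an ACL outside 2000 to 2999 or one that is not defined, or whose ACL permits any source. The sample configuration, its names and its addresses are constructed, and the script assumes the saved configuration uses the same command forms as the procedure above.

```python
import re

# Constructed sample in the command forms of the procedure above; names and
# addresses are made up. Assumes rule lines are indented under their ACL line.
SAMPLE_CONFIG = """\
acl number 2000
 rule 1 permit source 192.0.2.10 0.0.0.0
 rule 2 deny source any
acl number 2001
 rule 5 permit source any
snmp-agent community read nms-ro acl 2000
snmp-agent community write nms-rw
snmp-agent group v2c ops-group acl 2001
snmp-agent usm-user v2c ops-user ops-group acl 2999
"""

def parse_acls(config):
    """Map each IPv4 ACL number to its list of (action, source) rules."""
    acls, current = {}, None
    for line in config.splitlines():
        m = re.match(r"acl number (\d+)", line)
        r = re.match(r"\s+rule (?:\d+ )?(permit|deny)(?: source (any|\S+ \S+))?", line)
        if m:
            current = acls.setdefault(int(m.group(1)), [])
        elif r and current is not None:
            # Assumption: a rule with no source clause matches every source.
            current.append((r.group(1), r.group(2) or "any"))
        elif not line[:1].isspace():
            current = None  # a new top-level command ends the ACL view
    return acls

def audit_snmp(config):
    """Return (line, problem) for SNMP entries without a restrictive basic ACL."""
    acls, findings = parse_acls(config), []
    for line in re.findall(r"^snmp-agent (?:community|group|usm-user) .*$", config, re.M):
        m = re.search(r" acl (\d+)", line)
        num = int(m.group(1)) if m else None
        if num is None:
            findings.append((line, "no ACL associated"))
        elif not 2000 <= num <= 2999:
            findings.append((line, f"ACL {num} is not a basic ACL (2000-2999)"))
        elif num not in acls:
            findings.append((line, f"ACL {num} is not defined in this configuration"))
        elif ("permit", "any") in acls[num]:
            findings.append((line, f"ACL {num} permits any source"))
    return findings

for line, problem in audit_snmp(SAMPLE_CONFIG):
    print(f"{problem}: {line}")
```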
